I suppose you bring this topic to the next community meeting. In my opinion jolla should communicate in cases like this more actively in the forum.
They could at least provide a high level explanation of their security model.
Maybe we can trigger this by raising awareness in the meeting.
As of your concerns regarding what can be triggered by apps in the system, this is done by using a special uri, which triggers the mime handler listening for this url pattern. There is a mime handler for opening the send mail dialog with prefilled data, but i doubt there is one which directly sends the mail. Although theoretically some app could be triggered, where actual harm could be done via mime handlers. I don’t know what the security concept is here, thats something that could be asked at the meeting as well.
Systems always have to find a balance between security and usability, thus I think user input is really valuable here for jolla.